The Ansible user module lets you manage user accounts through a playbook. It supports a range of user administration tasks. In this session we'll cover the most commonly used user module scenarios.
Scenario 1: Creation of a new user. In this scenario we'll see how to create a new user on a remote server.
[root@siddhesh ~]# cat user.yml
- hosts: dbserver
  tasks:
    - name: Create user tecgeek on remote server
      user:
        name: tecgeek
        password: $1$W10cbf7I$pT.jZyF63JKugycSwtRO3/
[root@siddhesh ~]#
Here:
- hosts: dbserver ==> Host inventory group on which this action needs to be performed.
- name: Create user tecgeek on remote server ==> Task description.
user: ==> Load the user module.
name: ==> Name of the user to create on the remote server.
password: $1$W10cbf7I$pT.jZyF63JKugycSwtRO3/ ==> Hash string of the password, which you can easily grab from the /etc/shadow file.
Now let's run this playbook to see how it works.
[root@siddhesh ~]# ansible-playbook user.yml -v
Using /etc/ansible/ansible.cfg as config file
PLAY [dbserver] *****************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [node1.tecgeek.info]
TASK [Create user tecgeek on remote server] *************************************************************************************************************************
changed: [node1.tecgeek.info] => {"changed": true, "comment": "", "createhome": true, "group": 1005, "home": "/home/tecgeek", "name": "tecgeek", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1005}
PLAY RECAP **********************************************************************************************************************************************************
node1.tecgeek.info : ok=2 changed=1 unreachable=0 failed=0
[root@siddhesh ~]#
In the output above you can see the change made on the remote server. Now let's verify it on the remote server; you should be able to log in with the same password from which you collected the hash string.
On the remote server, run the following commands to verify that the user is present:
[root@node1 ~]# grep tecgeek /etc/passwd
tecgeek:x:1005:1005::/home/tecgeek:/bin/bash
[root@node1 ~]# grep tecgeek /etc/shadow
tecgeek:$1$W10cbf7I$pT.jZyF63JKugycSwtRO3/:18384:0:99999:7:::
[root@node1 ~]#
Scenario 2: Creation of a user with predefined properties. In the previous scenario we saw how to create a user. In this scenario we'll see how to supply predefined user properties when creating the user.
[root@siddhesh ~]# cat user.yml
- hosts: dbserver
  tasks:
    - name: Create user tecgeek1 on remote server
      user:
        name: tecgeek1
        password: $1$W10cbf7I$pT.jZyF63JKugycSwtRO3/
        uid: 5555
        shell: /sbin/nologin
        home: /tmp/tecgeek1
        groups: root,redis
[root@siddhesh ~]#
Here:
- hosts: dbserver ==> Host inventory group on which this action needs to be performed.
- name: Create user tecgeek1 on remote server ==> Task description.
user: ==> Load the user module.
name: ==> Name of the user to create on the remote server.
password: $1$W10cbf7I$pT.jZyF63JKugycSwtRO3/ ==> Hash string of the password, which you can easily grab from the /etc/shadow file.
uid: 5555 ==> Assign 5555 as the user identification number.
shell: /sbin/nologin ==> Assign a custom shell to restrict this user from logging in.
home: /tmp/tecgeek1 ==> Set a custom home directory.
groups: root,redis ==> Add this user to the root and redis groups.
Now let's run this playbook and check the result on the remote server.
[root@siddhesh ~]# ansible-playbook user.yml -v
Using /etc/ansible/ansible.cfg as config file
PLAY [dbserver] *****************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [node1.tecgeek.info]
TASK [Create user tecgeek1 on remote server] ************************************************************************************************************************
changed: [node1.tecgeek.info] => {"changed": true, "comment": "", "createhome": true, "group": 5555, "groups": "root,redis", "home": "/tmp/tecgeek1", "name": "tecgeek1", "password": "NOT_LOGGING_PASSWORD", "shell": "/sbin/nologin", "state": "present", "system": false, "uid": 5555}
PLAY RECAP **********************************************************************************************************************************************************
node1.tecgeek.info : ok=2 changed=1 unreachable=0 failed=0
[root@siddhesh ~]#
As you can see, the user was successfully created on the remote server with our predefined parameters. Let's verify this on the remote server:
[root@node1 ~]# grep tecgeek1 /etc/passwd
tecgeek1:x:5555:5555::/tmp/tecgeek1:/sbin/nologin
[root@node1 ~]# grep tecgeek1 /etc/group
root:x:0:tecgeek1
redis:x:990:tecgeek1
tecgeek1:x:5555:
[root@node1 ~]# grep tecgeek1 /etc/shadow
tecgeek1:$1$W10cbf7I$pT.jZyF63JKugycSwtRO3/:18384:0:99999:7:::
[root@node1 ~]#
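
An added example, not part of the original post: the user task from Scenarios 1 and 2 fed from a prompted password instead of a hash copied out of /etc/shadow. The $1$ prefix on the copied hash marks MD5-crypt; here the password_hash filter produces a SHA-512 crypt hash. The variable tecgeek_password and the account name tecgeek2 are assumptions.

```yaml
# Added example, not from the original post.
# Assumed names: variable tecgeek_password, account tecgeek2.
- hosts: dbserver
  vars_prompt:
    - name: tecgeek_password
      prompt: Password for tecgeek2
      private: true            # do not echo the typed password
  tasks:
    - name: Create user tecgeek2 with a SHA-512 crypt password hash
      user:
        name: tecgeek2
        # The filter runs on the control node and renders a $6$... string,
        # so no cleartext password is sent to the user module.
        password: "{{ tecgeek_password | password_hash('sha512') }}"
        # The filter picks a new random salt on every run; on_create sets
        # the password only for a new account, so reruns report no change.
        update_password: on_create
        shell: /sbin/nologin
        groups: redis
        append: true           # add to redis, keep any other group memberships
      no_log: true             # keep the rendered hash out of -v output and logs
```

After the run, the second field of the account's /etc/shadow entry should start with $6$ rather than $1$.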
Scenario 3: Deletion of a user from the remote server. So far we have seen user creation tasks, which can be easily performed through the Ansible user module. Now let's delete an existing user from the remote server. In this example we'll delete user tecgeek1.
[root@siddhesh ~]# cat user.yml
- hosts: dbserver
  tasks:
    - name: Delete user tecgeek1 from remote server
      user:
        name: tecgeek1
        state: absent
[root@siddhesh ~]#
Here:
- hosts: dbserver ==> Host inventory group on which this action needs to be performed.
- name: Delete user tecgeek1 from remote server ==> Task description.
user: ==> Load the user module.
name: tecgeek1 ==> Name of the user to delete from the remote server.
state: absent ==> Make sure the user is removed from the remote server; absent means remove the user.
Let's execute this playbook and see its impact on the remote server.
[root@siddhesh ~]# ansible-playbook user.yml -v
Using /etc/ansible/ansible.cfg as config file
PLAY [dbserver] *****************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [node1.tecgeek.info]
TASK [Create user tecgeek1 on remote server] ************************************************************************************************************************
changed: [node1.tecgeek.info] => {"changed": true, "force": false, "name": "tecgeek1", "remove": false, "state": "absent"}
PLAY RECAP **********************************************************************************************************************************************************
node1.tecgeek.info : ok=2 changed=1 unreachable=0 failed=0
[root@siddhesh ~]#
After this playbook has run, you can verify the user's properties on the remote server. The user's entries should be deleted from all files, i.e. /etc/passwd, /etc/group, /etc/shadow, etc.
[root@node1 ~]# grep tecgeek1 /etc/shadow
[root@node1 ~]# grep tecgeek1 /etc/group
[root@node1 ~]# grep tecgeek1 /etc/passwd
[root@node1 ~]#
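
An added example, not part of the original post: the deletion run above reported "remove": false, which leaves the home directory on disk. This variant sets remove and automates the grep checks shown above; the registered variable names passwd_lookup and home_dir are assumptions.

```yaml
# Added example, not from the original post.
# Assumed names: registered variables passwd_lookup and home_dir.
- hosts: dbserver
  tasks:
    - name: Delete user tecgeek1 together with its home directory
      user:
        name: tecgeek1
        state: absent
        remove: true           # same effect as userdel --remove

    - name: Confirm that no passwd entry is left
      command: getent passwd tecgeek1
      register: passwd_lookup
      changed_when: false      # read-only lookup
      # getent exits with 2 when the key is not found; anything else
      # (0 = still present, 1 or 3 = lookup error) fails the task.
      failed_when: passwd_lookup.rc != 2

    - name: Check for a leftover home directory
      stat:
        path: /tmp/tecgeek1    # home directory set in Scenario 2
      register: home_dir

    - name: Fail if the home directory survived the deletion
      assert:
        that:
          - not home_dir.stat.exists
```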
To find more such actions, refer to the ansible-doc guide as follows.
[root@siddhesh ~]# ansible-doc -s user